AM-14 Access Management

Remote Access / VPN

Remote connectivity is authenticated, encrypted, restricted.

Domain: Access Management
Control type: Preventive
Automated / manual: Automated
Frequency: Continuous
Framework reference: MAS TRM – Network

What good looks like

Remote access via encrypted VPN with MFA, restricted to authorised users; split-tunnel controlled.

Risk if it fails

Unauthorised external network entry.

How Tess tests it

4 tests — each concludes only on cited evidence.

Remote-access standard requires VPN+MFA+encryption

Design

Procedure: Inspect the standard.
Expected: Requirements defined.
Sample: 1 (design inspection)
Evidence: VPN config, authorised-user list, connection logs.

VPN enforces MFA and strong encryption

Operating

Procedure: Inspect VPN configuration.
Expected: MFA on; modern cipher suite.
Sample: 25 (or full config inspection)
Evidence: VPN config, authorised-user list, connection logs.

VPN access limited to authorised users

Operating

Procedure: Reconcile VPN users to authorised list.
Expected: Matches authorised personnel.
Sample: 25 (or full config inspection)
Evidence: VPN config, authorised-user list, connection logs.

Split-tunnelling controlled

Operating

Procedure: Inspect VPN configuration.
Expected: Configured per policy.
Sample: 25 (or full config inspection)
Evidence: VPN config, authorised-user list, connection logs.

Evidence Tess looks for

VPN config, authorised-user list, connection logs.

More in Access Management

AM-01 IT Organisation & Segregation AM-02 Password / Authentication Policy AM-03 Multi-Factor Authentication (MFA) AM-04 Centralised Identity / SSO

Want Tess to test AM-14 against your evidence?